Posted
by
michael
on Thursday April 05, 2001 @06:54AM
from the on-the-rebound dept.

nilstar writes: "Cnet has a story here about how Microsoft will revamp its "draconian" privacy policy. Better yet.... how about we get a warning on the bottom of the IE6 window saying that this site's privacy policy is unnacceptable every time someone logs on to a passport site." Looks like it has already been changed.
Update 10AM EST by J:
Make sure to check out the
Wired story
too. Jason Catlett of Junkbusters nails it: "if Microsoft doesn't know what's in its own terms of service regarding personal information, then what hope do its customers have for the privacy of their own information?"

I would add one concept that's sort of a personal bugbear, and is the primary reason I left mp3.com as a music hosting service:

Stability - if I'm in a legal agreement with some site, and they have a need to change the agreement that applies to me/my property, I see it as absolutely necessary that I sign off on the new terms or they don't take effect. It can be as simple as a clickthrough, and it's fine if most people don't read their TOSes, but for those of us that do, it's not acceptable to enter an agreement in which you have to monitor the other party because they get to do any changes they want to the agreement, and you tacitly consent BLINDLY to these changes and are bound by them unless you not only devote effort to checking up on them, but are willing to read, understand and act on a legal document in typically a very short time period, days.

Microsoft is still behaving entirely unacceptably in this regard, in that they have you agreeing in advance to any changes they make. That's a really awful situation that is begging to be abused.

Examples? I can cite examples from mp3.com of what _could_ happen. They started a program called 'back the band' in which you got to write derogatory things on other musician's web pages at mp3.com, which caused no small amount of upset and resentment. The TOS gives mp3.com complete control over their own pages so there was really no recourse, it was just a nasty surprise. You still had control of your tunes and DAM CDs, though you didn't keep full rights. Well, some time after mp3.com went to the 'auto-consent' form of contract, they slipped by a few changes, duly announced on the site as they said they would do. Notably, one change gives mp3.com unlimited powers to change, edit, alter etc. your _music_. What could this mean in practice? Three words: Back The Tune. The change clears the way for mp3.com to legally begin doing auctions for people to place their mp3ed advertisements IN your songs or ON your own CDs- or for that matter, to do auctions for people to make loud farting noises and proclaim you suck, IN your songs or ON your own CDs.

That's hypothetical- but legally, it would be totally within their rights under the new contract- and anyone still sticking around five days after the contract went up is subject to it, whether or not they've been made aware that there are new rules. Some seemingly minor wording can have very major effects: when Back The Band started, it's possible that mp3.com did _not_ expect it to become a lot of people posting nasty remarks and attacks on people's band pages, and yet that became a major problem, as well as ploys like "(artist name) loves (advertised other page name)!" which openly lie- it's like writing on someone else's page, "If you like my stuff you should go listen to (other act)!"- the assumption is going to be that the artist is speaking. And again, under the new rules, the way is open for _audio_ advertisements and/or abusive sound clips placed _in_ the victim's artworks. And the reason that situation exists is because under the mp3.com rules, they don't have to get you to sign off on legal changes- if you had to actively consent to such a change, many people would rightly balk at it.

And of course Microsoft is reserving the right for _it_ to come up with changes without its customers' active consent- and I think that it, too, should be avoided for that reason.

Speaking of TRUSTe, apparently IE 6 will include a little status bar icon showing if the site has a privacy policy. Not if the policy is at all acceptable or not, just if it is there. Of course all MS sites will show "Thumbs Up OK!", where visiting any normal site will produce "Oh No! Unknown! Scary!"

Very cute. Don't tell me- implemented by IE 6 checking against a special feature on IIS servers, so that only NT and W2K sites get the 'OK' and everything Apache is 'oh no, unknown, scary!'

Only for a brief period until the bug is fixed, of COURSE... it's just an OVERSIGHT...

We will not disclose any information about you to
any third party without prior negotiations with
said party on such terms as are transacted. We
will not use information provided or transmitted
by you other than for pecuniary purposes.

Translation:

We won't sell your information unless we are
paid. We won't use it ourselves except for
financial gain.

I was going to toss in a part about impregnationg
your cat and "all your kittens are belong to us,"
but I'm in a hurry . . .

Actually...doesn't TRUSTe only guarantee that a company is doing exactly what they SAY they're doing? So even if a certain company is "TRUSTe certified" it only means that they're screwing you over in exactly the way that they say they are (in legalese, of course, which is intentionally so mind-bogglingly convoluted that only laywers generally understand it - a sufficient vocabulary and a knack for substitution helps - but ask the average Joe what they're actually saying, and he won't be able to tell)

There are almost always better routes to take than to use the government. Boycotts, consumer organizations, etc., prove much less harmful than law. Law always gets twisted away from its original meaning, screwing over the people it was designed to protect. Consumer organizations take much longer to get things done, but without the negative side of having laws about such things.

Don't be too sure about that. Anybody sign up for Blockbuster's special movie rental program? (I can't remember what funky marketroid name they gave it - basically, every month they send you a small advertisement with a coupon for a free rental in it for $5/year, and you get an extra free rental for every so many paid rentals you have, etc.). I recently noticed the ads now have a tiny form (~ 2" x 3.5" or so) next to the coupon. On it is a notice, in tiny print, that says (to paraphrase) "If you don't notice, fill out, clip out, stuff it in an envelope, buy a stamp for it, and mail it to our marketing department with the 'I don't want more junkmail' box checked we're going to sell your info to our 'affiliates' so they can put you in their databases, too, and send you junkmail, too." I wonder how many people even notice that tiny form, and how few of them will feel like going through the effort involved in filling it out and sending it in. Looks like Blockbuster's counting on that and is now in the "mailing list" business as well....

The thing that really bugs me about it is that it's obviously an "opt-out" rather than an "opt-in" program, and they've done their best to make "opting out" a hassle while still being able to say "Hey, we TOLD them they could be left off of the list, it's their own fault if they didn't let us know..."

---"They have strategic air commands, nuclear submarines, and John Wayne. We have this"

Microsoft basically shot themselves in the PR foot and they deserve to get tweaked on this.

It was only two weeks ago that they announced the "Hailstorm" subscription services, centered around Passport, and then had to dodge the obvious question "Why should I trust my data to you guys?". It would have been alot easier if they weren't already claiming IP rights to data flowing through their system.

Speaking of TRUSTe, apparently IE 6 will include a little status bar icon showing if the site has a privacy policy. Not if the policy is at all acceptable or not, just if it is there. Of course all MS sites will show "Thumbs Up OK!", where visiting any normal site will produce "Oh No! Unknown! Scary!"

Not that this really makes any difference, it's just a small example in the psychological warfare involved in making the next generation of hosting services acceptable to the public. (Netscape did a similar thing with SSL and the overly big broken/unbroken key icon in versions 1-3). And when you get things like this instead of a 'Disable JavaScript' toolbar button, it just shows how the users aren't really driving the specs.--

Or is it MS is just too big? One of MS biggest successes is its ability to present itself as a Borgian entity with a collective consciousness capable of delivering a united front across hundreds of business units encompassing tens of thousands of employees.

I suspect that MS is reaching the point where the Gates/Ballmer micromanagement of MS and its public image is reaching a point where it doesn't work as well, and internal understanding among line management of the "MS Party Line" may be weakening.

Or perhaps the opposite, MS line management has only accepted the "Everything we do is legit" attitude and has forgotten how to act properly..

This is starting to get a little ridiculous. When they fenced off the public commons and called it capitalism, nobody in government objected. When they started gathering private consumption data and called it direct personal marketing, the mainstream press didn't raise a fuss. Now that they want to hold hostage our personal preferences and thoughts, the independent watchdogs are letting companies set the agenda without a comment. Is this how it is going to be, letting AOL/Time, Yahoo, MSNBC define the global rules of participation in a media rich economy? Is this going to be a world like the Prisoner when you wake up one day and find that you are no more than a number (<sarcasm> please take a ticket and join the queue for service rep but if you don't have any money/talent/influence forget about it as we'll deliberately ignore you til you go away</>). At least hackers have a choice, they have the talent and/or incentive to create their own little digital caves.

Why is this a fundamental concern? We are the sum of our thoughts, our desires, our memories. As we use electronic systems to craft our interactive environment, we define ourselves. Whever an EMACS macro set, custom shell resource scripts or personalised.Xdefaults, these represent a world that conforms. If the universe shifts (enw OS/window manager/etc) you can relocate. Pity the poor user who is not given a choice, either through ignorance, deliberate obscurity or forced "upgrades".

So what should be the principles of allowing an external third party have some control over our personal space? I would suggest at the minimum:

Transparency - any alterations in policies should be signalled and terms explained clearly. If there is to be retroactive alterations, at least state that up front instead of after the fact!

Reflectance - feedback mechanisms must adequately reflect the needs and expectations of the users. What are the dispute channels and resolution processes.

Op-out - there must be an clear exit choice such that you can transfer all user data with no discrimination or data corruption.

It is strange how software has shifted in the space of a decade from an ownership of the functionality to the suffurance to conformance to terms at convenience of the provider. The Prisoner might ahve full service in a model village, but what a mental limitation on eir horizon.

You dont think so? Remember, this is the company that presented forged evidence in a courtroom and lied into the face of a judge.

If a company is capable of that, where exactly do they draw the line? Could we have a statement from Microsoft where they clearly outline the corporate policy? It's ok to lie to a judge. Its not ok to assign customers property to us. It is ok to assign customers property to us, in case we can sell them another copy of what they had already paid for. What does the policy look like?

I certainly don't want people to be liable for software use unless they are explicitly paid to take this responsibility. Only companies with HUGE pocket books can even afford to consider the terms that they could take responsibility for their product's use and everyone with those pocket books knows better.

Actually TRUSTe only guarantees that a privacy policy exists and it is linked from the front page. There is zero effort put into actually seeing that the policy is followed in any way shape or form. TRUSTe is basicly a fraud perpetuated by businesses to make customers feel safe enough to be screwed over in the end.

140 million of those accounts are multiple accounts by one or two spammers. They just keep creating accounts and creating accounts and either using to send spam or to fill their lists of people who want to receive spam and then selling the lists as no bounce back lists. Besides do you really believe that any of the information in Hotmail's accounts is actually correct. It is just a warehouse for the spam of the world.

I know of 7 people including myself, who will never use hotmail again.

There are over 80 million people using hotmail. In the time it took you to mention your seven friends who will no longer use Hotmail, more than 7 new users joined hotmail.

When you're talking about a userbase of 80 million, 7 is not many, nor is 700, nor is 7000, nor is 70,000. Now I'm sure Microsoft wouldn't like to lose 70,000 members, but if they did it wouldn't be the end of Hotmail.

btw...the 80 million number is rounded down from 86 million and is over 6 months old. If you're going to take down hotmail 7 people at a time, you'd better get started soon!

In all seriousness - is there any way Slashdot could add an optional filter to remove "funny" content for those of us who don't think the 1,001th iteration of "Microsoft bad!", Slashdotting references, Beowulf clustering references and the likes are "funny?"

I hate to come across as a prick, but it's kind of annoying when this is the class of response heading most every story one reads.

A lawyer friend of mine believes...<deletia>...they are leaving themselves open to lawsuits for content composed and transmitted by users.

Pray tell me, what is good about this? Isn't there already enough ligitation as it is? And isn't that due in part to lawyers stretching and bending words in such a way that ANY policy or document can be grounds for ligitation? Thereby keeping themselves (the lawyers) in business and society in a constant state of paranoia?

I believe that the law was never intended to become a 'profit center'. It was intended to solve disputes which could not be solved otherwise. Nowadays it seems to be the other way around... Like technology which provides answers in search of questions...

This really doesn't affect the issue at all. The point is when your data is edited and stored on someone else's computer, you already cede many rights. Fine, for now they're making the terms and conditions a little better - but we still have to face the fact that companies will be able to update such licences (as they inevitably will do), and whilst there will no doubt be screams of complaint if they try to do this retroactively, people/will/ end up having to abandon their usual tools because the policy for use has changed. This is absolutely why you want to/own/ the software (or at least the licence) to use it, so that it continues to work as it always has (c.f. the Tivo article a couple of days ago) that way the worst that can happen is you start to lag behind - you're never going to find things that used to work don't anymore. Unfortunately, for Americans, is seems that the DMCA gives publishers the right to retroactively change how things work, or the licence you have for it, retroactively, whether you 'own' it or not!

but we still have to face the fact that companies will be able to update such licences

If a company changes the licence agreement -- like MS is doing -- does that mean that all the customers who agreed to the last one will have to say whether they agree / disagree with the new one? I fail to see how you could be bound by it if you have not agreed to it.

It might be too late for microsoft. Many people have already sworn to never use hotmail again, and this change in policy doesn't seem to be affecting them. Clearly microsoft realizes that these draconian licensing terms were affecting business.

It's clear that privacy is not their primary concern. Abusing users and maximizing profit regardless of morality seem to take the cake.

Much though we love to hate Microsoft, there was no way that this kind of land grab was what was intended.

Maybe, maybe not. I tend to agree with your whole overzealous lawyer bit. But still, think about this quote from the article...

if Microsoft doesn't know what's in its own terms of service regarding personal information, then what hope do its customers have for the privacy of their own information?

Maybe Microsoft does know what is in their own terms of service. Obviously somebody wrote it. A manager's manager's manager probably had to approve it, etc.

We'll probably never know. You're probably right. But I'm cynical enough about corporations at this point not to just assume it was all an honest mistake, now that they got caught.

Finally, Microsoft is easy to hate. And rightfully so. They have earned it. How? By doing crap like this. Did you pay attention to the day by day testimony of the antitrust trial? (I did.) OTOH, maybe we should all just have Love and warm fuzzies for Microsoft. Seems to work for some people.

The US government has disagreed to sign the privacy agreement with the EU, because it could 'hurt' big companies, therefor the privacy laws and policies are in the US less strict than in the EU, so if you want a stricter privacy law in the US, direct your arrows to the government of the US, since they could have put a law in place that forces every website in the US to obey strict privacy policies, but they refused to do that.

So if a company uses less strict privacy policies they are legally able to do that (if it's morally right is another thing). --

Maybe pressure from the users, like US, can actually make MS sit up and take notice that it's tactics are unacceptable. Take that one step farther and start writing them when something goes wrong with MS software and/or makes your machine lock up.

Just like most free services, the agreement you "sign" for a hotmail account is subject to change without notice. Basically, you agree to whatever Microsoft wants, and they agree to nothing.

If they change to something perfectly nice and friendly, all it means is that they will be good for at least as long as it takes to change the policy again.

Even if the new agreement is only binding if you continue to use the service (I forget how Hotmail phrases their "subject to change" clause), it would just be another case of waiting for customers to become dependent on the service then changing the terms. Some could reject the new terms to stopping service, others couldn't afford to.

Actually...doesn't TRUSTe only guarantee that a company is doing exactly what they SAY they're doing? So even if a certain company is "TRUSTe certified" it only means that they're screwing you over in exactly the way that they say they are (in legalese, of course, which is intentionally so mind-bogglingly convoluted that only laywers generally understand it - a sufficient vocabulary and a knack for substitution helps - but ask the average Joe what they're actually saying, and he won't be able to tell)

I know this is offtopic, but man, a script/program that performed this substitution would be great. If written objectively that is... Just run the privacy policy through the script/program and voila! Readable policy.
Lawyer vocabulary I'd bet isn't much bigger than a normal person's, just different. Same as medicine, a big part of learning medicine is learning a new language.
Just my two bits.

** It's known in every police-station that the trick to persuade people
through a *sandwich* of "crazy", nasty, difficult guys and obliging,
understanding "good" ones works beautifully (still), just at/. perhaps
less.

** The Ghestapo (the secret state police of the Nazis) nearly invariably
did visit their victims late in the night. Not exactly because they wanted
to imitate Mr. Hyde or Count Dracula, not in these cases at least. In the
occupied places and before starting any *razzia* en large, they did
"experiment" on a smaller scale first. "Let's test, let's discover how far
we can go--now." If the reaction from the natives, or the
"psycho(patho)logical" back-effects on their own cut-throats and internal
population were too "negative" and to awkward, then they did...
"accommodate", "enlighten"; for example by coming again in the night,
late, or at another day, et cetera. Already listened that, given enough
time, the drop excavates the rock, voila'. People get accustomed. What you
would never accept now, you might accept it tomorrow. Next time you will
be less shocked and less irritated.

There are ZERO signs, of course, that MS has changed. (Or then: it has
even worsened!--admitted that it's still possible.)

Microsoft claims that the policy is outdated and erroneously lifted from someplace else.

The problem with that excuse is that I can't imagine any situation where Microsoft would have a legitimate need to help themselves to a right to exploit a patent free of charge. I can imagine legitimate needs to copy and reproduce trademarks, copyrighted information, or even trade secrets if they were uploaded in order to run an internet service, but there is simply no non-slimy reason for ripping off the right to license someone's patents.

Even for the things that they might have a legitimate need to reproduce, the policy gives MS a lot more rights than they legitimately need. Exploiting someone else's trade or service mark for financial gain without compensation? Isn't that just theft?

The second problem I have with MS response is the amount of finger pointing and blaming. Shouldn't we expect the same kind of behavior if they were to violate their privacy policy. How can you trust someone who takes so little responsibility for errors.

Well you can always turn Anime off through the user options. But I can't understand sometimes why a perfectly URL'ed and documented submission won't be accepted, and then this FUD crap makes the front page.

Microsoft reserves the right to change the terms, conditions, and notices under which the Passport Web Site and Passport Services are offered. You are responsible for regularly reviewing these terms and conditions. Continued use of the Passport Web Site or Passport Services after any such changes shall constitute your consent to such changes.

This is actually a pretty standard clause in most of the policies I have read. Although this is the first that doesn't say it will contact you when it is changed so you can review - I just got one from ebay the other day. Even worse is exactly what you say, that if they do change their terms, they're not going to tell you.

YAGP(Yet Another Good Point)
I can't get anything posted either... no matter how good the stuff is, no matter how pertinent the subject matter. So it seems that the majority of the folks here have to just bitch and moan... ie: trolling. I know this is off topic of the article... but hey, I don't give a damn about anime yet I have to hear about it like it is news for nerds... stuff that matters? Sometimes you just have to wonder.

Go read Tog's article (www.asktog.com [asktog.com]) on what ReplayTV did, and what that means for subscription software. Once you subscribe to software, you lose the ability to freeze your features, to always get what you expect, and to vote with your wallet by not buying and upgrade.

Now look at privacy policies like Microsoft's. Sure they've "fixed" it. But I note that they haven't removed this piece.

Microsoft reserves the right to change the terms, conditions, and notices under which the Passport Web Site and Passport Services are offered. You are responsible for regularly reviewing these terms and conditions. Continued use of the Passport Web Site or Passport Services after any such changes shall constitute your consent to such changes.

In other words. They can always put it back to what it was before, and they won't tell you, and you will have "consented" if you continue to use it after they change it. (I see they at least got rid of the statement that using the web site at all constituted agreement--that would have meant that the act of reading the text was considered agreement.)

Web services are nothing more than subscription software sites. And privacy agreements can be "upgraded" at anytime. Show me one site that promises that their privacy agreement will never become less restrictive. And if you can, promise me that the agreement will survive a bankruptcy proceeding or even a sale of the company.

You have no privacy guarantees, on the web or off. In fact, it's worse off the web - see this Red Rock Eater Digest [somewhere.com] analysis of the new medical privacy rules, and then consider going to Defend Your Privacy [defendyourprivacy.com] and filling out the petition there.

Seriously though MS probably read this Salon article [salon.com] six days before the/. story. Or this Register story [theregister.co.uk] with a somewhat similar headline posted earlier on the 3rd.
I know this is an important issue so I'm not knocking the poster, but a few useful links in the original story would have helped.

And while it may be unpopular to say this here, MS's Privacy Policy is pretty good compared to others. It's a lot more specific and informative than a lot of other privacy policies carrying the TRUSTe mark... There's other TRUSTe certified sites out there that have worse policies. Whether having a better TRUSTe privacy policy actually does anything is another q., though.

I guess this is getting discussed elsewhere too, but for me the problem lies in the lack of a legally defined standard. sad but true. companies will only do s/thing about this if they think that they could dragged to court. i found lawrence lessig's 'code' and richard ellis smith's 'ben franklin's web site' to be good intros to this discussion.

Also, i know truste get hammered a lot, but i've been researching both truste and truste validated sites, and part of the problem is that there are many ways for truste validated sites to change their code in little hidden places (web bugs, 3rd party cookies etc.) w/out telling truste about it. it's very possible that the people doing the changes also do not know that the site that they are designing for is a truste licensee.

A bit o-t, but related to this, can anyone explain to me the advantages of (a) loading GIFs and (b) running cookie scripts between/BODY and/HTML tags. i know that the page does not load the gif, although it does cache it, but how does this affect cookies and the cookie warnings that you are supposed to get, if cookie warnings are turned on? (if it affects them at all)

Now they can only use your material if you give them a suggestion to improve the service (or tell them that they suck, or even that they rule). You see, they'll only take your stuff if you try to help them out. I'm still not satisfied.

Microsoft's Pilla said the company has different terms of use and privacy policies for each service in the MSN Network, including Hotmail, Passport and MSN Messenger. He said that each privacy policy is approved by Truste--a privacy policy auditor--and written with consumers' notice and consent in mind.

Here it is: bullshit. They just let you use their sticker to say you actually HAVE a privacy policy. It's misleading and (honestly) used by companies to lure people into the whole false sense of security thing. TRUSTe has never actually reviewed privacy policies...

> Which is scarier? MS is not being
> truthful about this situation or MS
> doesn't bother to check it's ToS
> agreements before it debut's new
> services?
Mmh, didn't you ever wonder why the ToS is written the way it is? I don't believe Microsoft wants to use your email in their marketing campaigns. I think it's an elegant way to say "our services are pretty easy to crack; so, if somebody breaks in and takes your data, there are no legal consequences for us."

No, I think that the./ community more surprised than anything. MS has a tendancy to wait after there is a public outcry against one of their policies and then change it down the road in an "upgrade", so that they don't have to acknowledge any actual fault. (Sort of like the Cuban Missle Crisis, where the US agreed to move the missle out of Turkey six months later to avoid any immediate apparances of reciprosity or capitulation.) It's nice to see them finally responding to customer criticism in a timely fashion. Maybe they will "embrace and extend" this idea to all their software and services...

It is Hotmail's policy to respect the privacy of its users. Therefore, Hotmail will not monitor, edit, or disclose the contents of a user's private communications unless required to do so by law or in the good faith belief that such action is necessary to: (1) conform to the edicts of the law or comply with legal process served on Hotmail; (2) protect and defend the rights or property of Hotmail; or (3) act under exigent circumstances to protect the personal safety of its users or the public.

It's in the faq, and it was in the faq before. It was in the faq on Tuesday, when this [slashdot.org] ripped-off post went up here on Slashdot, and it was in the faq Saturday [kuro5hin.org].

.....It might be too late for microsoft. Many people have already sworn to never use hotmail again.....

Unfortunately those preople are in the minority, being techies,/. readers, etc. M$ is still going to continue to rape and pillage the common man much the same way AOL does... by making it easy to not be tech-savy.

Do you really think Microsoft are going to give something away for free? Of course not. they are a commercial organisation. They charge for it. They only ask for the right to use anything that you post on their servers using their software.

Its not like anyone ever really produces anything worthwhile anyway. Most poeple are going to get it for free. Microsoft will only want something of sufficient quality for their products. The average cost per user for this will be quite small.

is how long it presumable took for this to be discovered - Hotmail must be one of the most used services on the Internet, and these stupid ToS agreements are supposed to be the things that (DMCA assumption) all the users have read and agreed to? If this doesn't prove beyond a doubt that "(virtually) nobody reads the EULAs" and that these things should not swing the legal weight that they do, then nothing will.

Charles Fitzgerald, Microsoft's director of business development,... said Microsoft has no plans to mine, sell, target or publish user data stored in HailStorm.

"Has no plans" is not the same as "will not". Microsoft will never stop angling for exploitive control over weak minds. Exploiting the weak is the soul of free market economics and Bill Gates is the Bugs Bunny of capitalism.

"if Microsoft doesn't know what's in its own terms of service regarding personal information, then what hope do its customers have for the privacy of their own information?"

That makes me feel much safer. If MS doesn't bother reading their own materials, then they certainly won't read my stuff. Clearly, their Passport system is the best place to hide my confidential data.-----
D. Fischer

Actually it was the resgister that got it done [theregister.co.uk]... I think it struck a deeper chord with more of the sites.

I do wish that more people would advocate Slashdot.org [slashdot.org] however, it does carry more of the topics that more mainstream sites don't have, even though it is the source of a lot of FUD [slashdot.org] sometimes.

Here is the relevant section, which seems to be much more acceptable. I say "job well done" to those who made a lot of noise over this, and for Microsoft in admitting their error and correcting it.

MICROSOFT'S RIGHT TO USE FEEDBACK OR SUGGESTIONS YOU SUBMIT

By submitting any feedback or suggestions to Microsoft concerning the Passport Web Site or the Passport Service, you warrant and represent that you own or otherwise control the rights necessary to do so and you are granting Microsoft and its affiliated companies permission to:

Sublicense to third parties the unrestricted right to exercise any of the foregoing rights granted with respect to the feedback or suggestions.

The foregoing grants shall include the right to exploit any proprietary rights in such feedback or suggestions, including but not limited to rights under copyright, trademark, service mark or patent laws under any relevant jurisdiction. No compensation will be paid with respect to Microsoft's use of the materials contained within such feedback or suggestions.

Microsoft is under no obligation to post or use any materials you may provide and may remove such materials at any time in Microsoft's sole discretion.

This section is inapplicable to any personally identifiable information that you provide in connection with your registration for the Passport Service(s). For terms and conditions governing use of such information and for more information on how the Passport Service works, please refer to the Passport Privacy Statement at http://www.passport.com/Consumer/PrivacyPolicy.asp . This privacy statement is controlling and overrides any conflicting language contained in these Terms of Use concerning use of such information.

This section also is inapplicable to any documents, information, or other data that you upload, transmit or otherwise submit to or through any Passport-Enabled Properties. Please refer to the terms and conditions for such Passport-Enabled Properties to determine the rights of the web site or service provider to such documents, information and/or data.

-------
-- russ

"You want people to think logically? ACK! Turn in your UID, you traitor!"

This is all mute, the fact is they let that policy be published at all, its just one step closer to sending customers away from them, one step closer to running out of money, one step closer to the edge
I think they really are about to break!

Maybe pressure from the users, like US, can actually make MS sit up and take notice that it's tactics are unacceptable. Take that one step farther and start writing them when something goes wrong with MS software and/or makes your machine lock up.

Just imagine the truckloads of mail destined for Redmond every day....

Just imagine the innundated mailrooms.

Just imagine thousands of people strugling to even so much as skim every letter regarding technical details with Microsoft products.

...a script/program that performed this substitution would be great. If written objectively that is... Just run the privacy policy through the script/program and voila! Readable policy.

This is exactly what the Platform for Privacy Preferences [w3.org] (P3P) is : a way to state privacy policy in XML. It's great in the sense that we won't have to wade through legalese gibberish, but many are worried that there will be a push to automate entirely the verification of a privacy policy (and myself, I'd rather not have MS software making my privacy decisions for me). That's what the poster above was referring to when mentioning the new icon in IE6, which apprently will have native P3P support.

Of course, a privacy policy, whether machine or lawyer readable, doesn't actually prove that a company behaves as stated. This is true also for the likes of TRUSTe - just because a site has the logo doesn't tell you jack about what that site's practices really are, it merely tells you they were prepared to stump up the five grand for the logo. And what happens when a site is found to be in breach of it's own policy, as rubber-stamped by TRUSTe? Nothing. As far as I am aware, TRUSTe have never revoked a site's membership, despite several incidents where companies were found out.

I don't see seal schemes or P3P solving the underlying problems. I'd like to see privacy policies become more like true contracts, with the full force of the law on your side when there's a breach. Course, that's not likely to happen anytime soon in the US, given the current administration's reluctance to take steps which would "impact the US economy". You could have used that same argument to lobby against the abolition of slavery, but I think I'm getting off topic now....

The terms of use for Passport, which has 160 million customers, also give Microsoft authorization to "sublicense to third parties the unrestricted right to exercise any of the foregoing rights granted with respect to the communication" and "publish your name in connection with any such communication."

160 million customers?! Is that correct, or are there really that many uninformed people out there housing all there passwords, and personal and site info in one central location on an internet server?! And an MS one at that. I understand that every internet server houses your login and password when the site is set up that way (to require passwords to login), but to put everything in one place makes it an awfully inviting site to crack into and steal people's identities.

Even if the figure is 1.6 million or 16 million, I think that's still too many people entrusting a company with all of their personal info. Can someone give me the correct figure so I can better understand just how blindly the public is of everything these days?

Having said that, I realize that credit card companies, credit agencies, the government, etc. house all of my personal info. Unfortunately I have no choice but to give it to 'em, because I can't get a job, house, etc. without doing so. I think that's pretty messed up, but such is life. But I DO have the choice of not giving a site like Passport all my info, so why would people willingly give it up?

>
I didn't say it was good. I said I like it. I agree with you about all the rediculous litigation caused by ambulance chashing barristers. All these "legalities" so stupidly expressed in legalise doubletalk, such as in the M$ Privacy Policy, carry within them their own annulation of meaningfulness, if not the seed of their own destruction. I find that amusing. I enjoy watching the injust destroy themselves a little at a time. It is my opinion that if you are looking for Justice, the "law" is the last place you'll find it.

A lawyer friend of mine believes their privacy policy, in a stretch (and lawyers are very good at stretching things), Microsoft who "owns" the commications of its users (hotmail etc), is therefore responsible for them and their content. Therefore they are leaving themselves open to lawsuits for content composed and transmitted by users.

I know of 7 people including myself, who will never use hotmail again. I basically used hotmail for my eBay acct...
After reading the ToS, I changed my email for eBay to a "hushmail" acct... https://www.hushmail.com
HushMail is the world's premier secure Web-based email system. We offer total end-to-end security. Thanks to a unique keypair management system, HushMail eliminates the risk of leaving unencrypted files on Web servers - a recognized point of vulnerability in other systems. Despite this unsurpassed level of security, sending and receiving encrypted email messages and attachments is as simple as clicking a mouse...
No more hotmail for me, and 7 friends of mine...hopefully this will spread...

The issue is that they dont ask. They tell in an agreement that most people click right through. I dont trust m$, so I ditched my only hotmail account a while ago. They advertise a free email service. While I am quite aware of the TANSTAFL philosophy, they should not advertise it as free, if there is a cost. The common assumption is that they get their $ from advertising and linking. The point is that this is another example of their attempt to obfuscate and hide thier true intentions to lure people into using thier service. They want the customers who want privacy, and to violate that privacy. Kinda the cake and eat it too. And they got caught, but instead of confessing, they are saying that ooohhh... it was all a big misunderstanding.

What if someone emails me a code or code snippet for review (for whatever reason, yes, it is insecure, but people have done it.). Does that mean that I think that m$ should have access to it? Not at all. m$ should respect my intellectual property, since it is, after all, the great protector of intellectual property (its 'own' anyway)
-CrackElf

Much though we love to hate Microsoft, there was no way that this kind of land grab was what was intended.
I suspect that some lawyer got overzealous when setting up the original legalese, and that MS has now realised what was actually up there.

b - u - l - l - s - h - i - t.

There's NO WAY MS didn't know what was in their own ToS.

True to form, they just wanted to see how much they could get away with before the slack-jawed, glassy-eyed public squealed, or grunted, or did something else that a lab rat in a cage might do when you poke it with an electrical probe.

Man... I just finished ripping apart my Hotmail account and deleting messages and addressbook entries. Just stuff I'd classify as "not intended for prying Microsoft eyes." Perhaps a bit reactionary, but I think any license agreement that leaves open the possibility of that kind of abuse is unacceptable.

Of course, now that I practically dumped my account, they "fix" the agreement. I should have seen that coming.

I am in the process of distancing my website www.52ndstreet.net from Microsoft's passport site where it previously resided. They sure don't make this easy though as there is no mechanism for deleting an account. To remove your email/website account you must not logon for 90 days after which they will delete the account for you. There seems to be a contradiction here over the stated business goals of MS. On one hand they say that they are a commercial OS/software company. Ok, I accept that. But what is all of this non commercial stuff with passport, communities, MSN etc. This stuff is distictly consumer entertainment in nature and could best serve Microsoft in a public relations role. Someone has sabotaged the public relations benefits of passport by creating a threatening and unfriendly mood associated with the services. I certainly noticed a tilt in this direction some time ago in their conscious decision to present content full of sexual references. That is the most hard core business marketing ever devised and hardly appeals to me. Its not "fun", or "friendly", just creepy. By MS's efforts to continually redefine MSN its obvious that strategy hasn't panned out. So what is the motivation behind these obviously desperate attempts to make an inherently unprofitable venture show a measure of profit on some accountants ledger? Is some group of executives within Microsoft trying to justify their high salaries on a flawed marketing strategy? The whole MSN experience, given Microsoft's commercial business strategy, can be no more than a public relations ploy, nothing more. It should be used to encourage MS customers to stay on the MS boat; a cheerleading effort. The decision to cancel my email and web account came after it became obvious that this continual effort to squeeze blood from a rock could have a signifigant impact on my personal intellectual property and security. Will Microsoft bring a subscription model to MSN? I have developed the capability to duplicate some of MSN's funtionality by deploying my own services. Things that I have not been able to develop on my own I have found elsewhere on the web by people, like me, who offer those services at no cost because they simply want to and are not driven to do crazy things to show a profit. Its pretty obvious from my standpoint that Linux offers most of the benefits of Microsoft products at greatly reduced cost(example, firewall masquerading on a thrownaway 486 with linux, not possible with MS products). Given that both OS's require time and effort in their deployment, I'll elect not to pay reoccuring fees for services that can be adequately provided by Linux or other computer entheusiasts over the internet.
P.S.P.S.P.S.P.S.P.S.P.S.P.S. Looking at a headline from MSN "Can your name hurt you?" Is it really a MS corportate aim to sow hate and mistrust among the public? Thats just freeking creepy.

It is too late in my opinion. I have had several email addresses through various sites and by far the hotmail account receives more SPAM than the others combined. It's about time that people got wise to Microsoft's privacy scam.

The Register [theregister.co.uk] have posted a similar story to this. This "new revamped policy" is apparently based on TRUSTe which does not guarantee the privacy of your messages, just data about you.